← back
CVE-2019-25711

SpotFTP Password Recover 2.4.2 Denial of Service via Name Field

CVSS 6.9 MEDIUMEPSS 0.2%CWE-807
SpotFTP Password Recover 2.4.2 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized buffer in the Name field during registration. Attackers can generate a 256-byte payload, paste it into the Name input field, and trigger a crash when submitting the registration code.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Affected products
NSauditor · SpotFTP Password Recover
public PoCs found1
cve_referencewww.exploit-db.com/exploits/46088unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://www.exploit-db.com/exploits/46088https://www.vulncheck.com/advisories/spotftp-password-recover-denial-of-service-via-name-field